Book Review: Introduction To Cyber-Warfare: A Multidisciplinary Approach

← Back to Stories (view on slashdot.org)

Book Review: Introduction To Cyber-Warfare: A Multidisciplinary Approach

Posted by samzenpus on Monday August 4, 2014 @06:10AM from the read-all-about-it dept.

benrothke writes Cyberwarfare is a controversial topic. At the 2014 Infosec World Conference, Marcus Ranum gave a talk on Cyberwar: Putting Civilian Infrastructure on the Front Lines, Again. Whether it was the topic or just Marcus being Marcus, about a third of the participants left within the first 15 minutes. They should have stayed, as Ranum, agree with him or not, provided some riveting insights on the topic. In Introduction to Cyber-Warfare: A Multidisciplinary Approach, authors Paulo Shakarian, Jana Shakarian and Andrew Ruef provide an excellent overview of the topic. The book takes a holistic, or as they call it multidisciplinary, approach. It looks at the information security aspect of cyberwarfare, as well the military, sociological and other aspects. Keep reading for the rest of Ben's review. Introduction to Cyber-Warfare: A Multidisciplinary Approach author Paulo Shakarian, Jana Shakarian and Andrew Ruef pages 336 publisher Syngress rating 9/10 reviewer Ben Rothke ISBN 978-0124078147 summary Outstanding overview and guide to cyberwarfare The book is divided into 3 parts and 13 densely packed and extremely well-researched and footnoted chapters. The book provides numerous case studies of the largest cyberwarfare events to date. Issues around China and their use of cyberwarfare constitute a part of the book. Chapter 7 details the Chinese cyber strategy and shows how the Chinese cyber doctrine and mindset is radically different from that of those in the west.

The book compares the board games of chess (a Western game) and Go (a Chinese game) and how the outcomes and strategies of the games are manifest in each doctrine.

The chapter also shows how the Chinese government outlawed hacking, while at the same time the military identified the best and most talented hackers in China, and integrated them into Chinese security firms, consulting organizations, academia and the military.

One of the more fascinating case studies details the cyber war against the corporate world from China. The book provides a number of examples and details the methodologies they used, in addition to providing evidence of how the Chinese were involved.

For an adversary, one of the means of getting information is via social networks. This is often used in parallel by those launching some sort of cyberwarfare attack. LinkedIn is one of the favorite tools for such an effort. The authors write of the dangers of transitive trust; where user A trusts user B, and user B trusts user C. Via a transitive trust, user A will then trust user C based simply on the fact that user B does. This was most manifest in the Robin Sage exercise. This was where Thomas Ryan created a fictitious information security professional names Robin Sage. He used her fake identity and profile to make friends with others in the information security world, both commercial, federal and military and he was able to fool even seasoned security professionals. Joan Goodchild wrote a good overview of the experiment here.

In chapter 10, the book details how Iraqi insurgents viewed Predator drones video feeds. Woody Allen said that eighty percent of success is just showing up. In this case, all the insurgents had to do was download the feed, as it was being transmitted unencrypted. Very little cyberwarfare required.

When the drone was being designed, the designers used security by obscurity in their decision not to encrypt the video feed. They felt that since the Predator video feeds were being transmitted on frequencies that were not publicly known, no access control, encryption or other security mechanisms would be needed.

The downside is that once the precise frequency was determined by the insurgency, in the case of the Predator drone, the Ku-band, the use of the SkyGrabber satellite internet downloader made it possible for them to effortless view the video feeds.

The only negative about the book is a minor one. It has over 100 pictures and illustrations. Each one states: for the color version of this figure, the reader is referred to the online version of the book. Having that after every picture is a bit annoying. Also, the book never says where you can find the online version.

How good is this book? The reality is that this book should indeed be read by everyone in Washington, as they are making decisions on the topic, without truly understanding it.

For most readers, this will be the book that tells them everyone they need to know that their congressman should know. Most people will never be involved with any sort of warfare, and most corporate information security professional will not get involved with cyberwarfare. Nonetheless, Introduction to Cyber-Warfare: A Multidisciplinary Approach is a fascinating read about a most important subject.

Reviewed by Ben Rothke

You can purchase Introduction to Cyber-Warfare: A Multidisciplinary Approach from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. If you'd like to see what books we have available for review from our library please let us know.

27 comments

Min score:

Reason:

Sort:

Please proofread by azav · 2014-08-04 06:28 · Score: 1

> it possible for them to effortless view the video feeds. effortlessly* view the video feeds

--
- Zav - Imagine a Beowulf cluster of insensitive clods...
For the Color Versions by disposable60 · 2014-08-04 06:31 · Score: 1

If you're a _real_ CyberCombatant, locating the online version should be a dawdle.

--
You're looking for quotes? See my journal.
1. Re:For the Color Versions by Guy+From+V · 2014-08-04 07:03 · Score: 1
  
  I hacked Google, mission accomplished.
2. Re:For the Color Versions by Whibla · 2014-08-04 20:04 · Score: 1
  
  If you're a _real_ CyberCombatant, locating the online version should be a dawdle.
  I would think any competent person could do it slightly faster than this...
and it's already out-of-date by turkeydance · 2014-08-04 06:39 · Score: 1

the next one is, too.
1. Re:and it's already out-of-date by preaction · 2014-08-04 06:40 · Score: 1
  
  For 0-day exploits, we need -1-day patches.
2. Re:and it's already out-of-date by Anonymous Coward · 2014-08-04 08:07 · Score: 0
  
  the next one is, too.
  Yes, because users never need to be taught security policy more than once. They all "got it" the first time they were taught about passwords 30 years ago.
  That's also why they all still use the same password.
  Security books are often timeless because most of the common sense stuff can take years to implement in the real world. It's strange how the same people who religiously buckle up in a car because something bad might happen will write down their new password and stick it somewhere obvious.
Really? This made it past an editor? by Anonymous Coward · 2014-08-04 06:40 · Score: 0

If the book is as badly written as this review, it's not worth it.
1. Re:Really? This made it past an editor? by Anonymous Coward · 2014-08-04 07:09 · Score: 0
  
  whats the problem with the review?
Culture of DoD and plain text drone feeds by laughingskeptic · 2014-08-04 06:41 · Score: 2

"They felt that since the Predator video feeds were being transmitted on frequencies that were not publicly known, no access control, encryption or other security mechanisms would be needed. " -- I am sure it wasn't that simple. As soon as you say 'encryption' in the defense world you open a can of worms that can set your project back as much as 2 years. These aren't technical set backs, but rather paperwork and process set backs. They were probably told by their government program manager to not put 'encryption' in their response because they probably didn't want to deal with the additional process burden. You can't do anything in the defense contracting world such as adding a feature like encryption without the government's program manager signing off on it and often find yourself constrained by law from implementing the best possible solution.
1. Re:Culture of DoD and plain text drone feeds by Anonymous Coward · 2014-08-04 07:02 · Score: 0
  
  "They felt that since the Predator video feeds were being transmitted on frequencies that were not publicly known, no access control, encryption or other security mechanisms would be needed. " -- I am sure it wasn't that simple. As soon as you say 'encryption' in the defense world you open a can of worms that can set your project back as much as 2 years. These aren't technical set backs, but rather paperwork and process set backs. They were probably told by their government program manager to not put 'encryption' in their response because they probably didn't want to deal with the additional process burden. You can't do anything in the defense contracting world such as adding a feature like encryption without the government's program manager signing off on it and often find yourself constrained by law from implementing the best possible solution.
  Yeah, ain't it a BITCH when predecessors write common sense security policies and mandate standard hardware encryption devices and algorithms be used when protecting the nations top secret data.
  I mean, who the hell needs security when you have obscurity to protect your defense contract work? After all, those paperwork setbacks can be such a pain in the ass...
  ...almost as painful as getting blackballed from future contracts for deploying a compromised system.
2. Re:Culture of DoD and plain text drone feeds by mrchaotica · 2014-08-04 08:09 · Score: 1
  
  As soon as you say 'encryption' in the defense world you open a can of worms that can set your project back as much as 2 years.
  Two years might be excessive, but to a certain extent that makes sense, since you have a lot of other concerns (key management, etc.) that go with it. Encryption is not a 'plug and play' kind of feature.
  
  --
  "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
3. Re:Culture of DoD and plain text drone feeds by TemporalBeing · 2014-08-04 09:06 · Score: 1
  
  "They felt that since the Predator video feeds were being transmitted on frequencies that were not publicly known, no access control, encryption or other security mechanisms would be needed. " -- I am sure it wasn't that simple. As soon as you say 'encryption' in the defense world you open a can of worms that can set your project back as much as 2 years. These aren't technical set backs, but rather paperwork and process set backs. They were probably told by their government program manager to not put 'encryption' in their response because they probably didn't want to deal with the additional process burden. You can't do anything in the defense contracting world such as adding a feature like encryption without the government's program manager signing off on it and often find yourself constrained by law from implementing the best possible solution.
  The big issue regarding encryption is showing that the encryption functionality is FIPS-140 compliant; aside from that it's not really that difficult. Been there - we just said "we use product X to do the encryption" and we were done. If they could use a FIPS certified encryption library then they're all done - just enable it.
  
  That said, given how certain other things work by using security through obscurity I wouldn't be surprised if they really did do that intentionally for reasons other than encryption.
  
  --
  Truth is like the sun. You can shut it out for a time, but it ain't goin' away. - Elvis Presley (source: imdb.com)
4. Re:Culture of DoD and plain text drone feeds by Anonymous Coward · 2014-08-04 11:14 · Score: 0
  
  ... can set your project back as much as 2 years
  Then don't set a schedule until you know what the requirements are! You're part of a proposal team, aren't you?
5. Re:Culture of DoD and plain text drone feeds by Anonymous Coward · 2014-08-04 11:16 · Score: 0
  
  It's not like they have an entire key management infrastructure and approved encryption products...oh wait, they do.
6. Re:Culture of DoD and plain text drone feeds by Lord+Lemur · 2014-08-05 04:50 · Score: 1
  
  Your looking at the wrong side of the encryption issue. The hardening of systems, the seperation of information and the certainty that it will fail safe (without intervention) if compromised (in the air, on the ground or after certain types of crash, but not from combat damage.) are significant issues.
  I beleive they should have been, but delaying a weapon system by 2 years during a time of war was not a tenable choice for those who got to decide.
7. Re:Culture of DoD and plain text drone feeds by Lord+Lemur · 2014-08-05 04:51 · Score: 1
  
  Was your encryption device strapped to the side of a transmitter?
8. Re:Culture of DoD and plain text drone feeds by TemporalBeing · 2014-08-06 06:37 · Score: 1
  
  Was your encryption device strapped to the side of a transmitter?
  Don't know. We just did software that ran on top Linux or Windows; so we referenced FIPS OpenSSL or Windows WinCrypt API and were approved since we didn't do any actual encryption ourselves.
  
  Now if you did the actual encryption yourself such that you essentially re-implemented OpenSSL or WinCrypt then I would certainly expect it to take a long time. But I'm pretty sure there are enough crypto devices within DoD there are numerous certified devices that could be utilized.
  
  --
  Truth is like the sun. You can shut it out for a time, but it ain't goin' away. - Elvis Presley (source: imdb.com)
9. Re: Culture of DoD and plain text drone feeds by Anonymous Coward · 2014-08-06 10:00 · Score: 0
  
  The problem is seperation of encrypted and non-encrypted data. Seperation of the plain text and key material from the transmitter.
10. Re:Culture of DoD and plain text drone feeds by laughingskeptic · 2014-08-12 02:23 · Score: 1
  
  FIPS-140 compliance is a given these days. That is not the issue. #1 you pick up an entire another organization that is going to want to participate in the project and perform a security review that may have been skirted if the word encryption was not mentioned. #2 the program office has to transfer funds to pay for this addition to the project instead of paying for more desired features. #3 there is much concern with the security of the encryption keys themselves when you put encryption on a device that is place in harms way. You have to demonstrate that the keys will be protected, they don't tend to care for per-mission keys. #4 as a result encryption winds up adding more weight than just bits because you need various tamper-proof devices. I have seen cases where the most important thing on a deployed device was the encryption key FOB. Which is just nuts I know, but that is the way it is. #5 the test plan grows, the system operation training grows, the documentation grows all adding additional costs to the project.
-1 day patches wont cut it by thieh · 2014-08-04 06:42 · Score: 1

because not everyone patches the stuff on the same day, some some people got crap like reboot to worry about. So expect the order to be -15 to -20 days patch for 0 day exploits
1. Re:-1 day patches wont cut it by Anonymous Coward · 2014-08-04 07:03 · Score: 0
  
  Well as long as you have a Guardian you should be okay.
  Just watch out for Hexadecimal and Megabyte!!
2. Re: -1 day patches wont cut it by Anonymous Coward · 2014-08-04 09:05 · Score: 0
  
  So that's het some companies must be waiting for an integer overflow
Just one correction by ddade · 2014-08-04 08:07 · Score: 1

The engineers who designed the Predator were not idiots, adopting Security through Obscurity. The feeds were not encrypted for at least two reasons: The Predator is supposed to be able to go at a moment's notice, and having to wait around to be keyed for the mission at hand as required by NSA, defeats the purpose. I've heard the expression "80% of my intelligence needs that I can have NOW, can share it with coalitions, and don't need a security officer and a safe to transport it around the battlefield is a dream come true..." In any case, the imagery doesn't tell anyone anything they don't already know, and has a quick "half-life" meaning it rapidly becomes irrelevant. It's just not worth encrypting. Not saying that we don't do stupid things, just that not encrypting the feed was not one of them.
1. Re:Just one correction by TemporalBeing · 2014-08-04 09:09 · Score: 1
  
  The engineers who designed the Predator were not idiots, adopting Security through Obscurity. The feeds were not encrypted for at least two reasons: The Predator is supposed to be able to go at a moment's notice, and having to wait around to be keyed for the mission at hand as required by NSA, defeats the purpose. I've heard the expression "80% of my intelligence needs that I can have NOW, can share it with coalitions, and don't need a security officer and a safe to transport it around the battlefield is a dream come true..." In any case, the imagery doesn't tell anyone anything they don't already know, and has a quick "half-life" meaning it rapidly becomes irrelevant. It's just not worth encrypting. Not saying that we don't do stupid things, just that not encrypting the feed was not one of them.
  There is one thing it tell them - where the drone is - GPS+Altitude inclusive. Given the speed of the drones, that could be enough time to "get out of the way" (for armed drones) or hide stuff (to limit intelligence gathering). If they're lucky, and the drone is flying low enough, then that could be enough for them to shoot it down too.
  
  --
  Truth is like the sun. You can shut it out for a time, but it ain't goin' away. - Elvis Presley (source: imdb.com)
2. Re:Just one correction by benrothke · 2014-08-04 10:39 · Score: 1
  
  Thanks. Good point worth reiterating. It was a management decision to design it like that.
  Bruce Schneier wrote about that issue a few times in reference to the Predator design, noting that security is a cost/benefit equation.
Well, now I know I don't need to read the book. by jeff4747 · 2014-08-04 14:18 · Score: 1

Thanks to this part:

In chapter 10, the book details how Iraqi insurgents viewed Predator drones video feeds. Woody Allen said that eighty percent of success is just showing up. In this case, all the insurgents had to do was download the feed, as it was being transmitted unencrypted. Very little cyberwarfare required.
When the drone was being designed, the designers used security by obscurity in their decision not to encrypt the video feed. They felt that since the Predator video feeds were being transmitted on frequencies that were not publicly known, no access control, encryption or other security mechanisms would be needed.
Wrong.
First, the Predator's video feed was not encrypted because encryption software and keys are classified. As a result, sharing those keys with coalition forces requires a mountain of paperwork. And sharing with one country doesn't mean you can share with another, leading to even more approvals.
Second and more importantly, encrypting the feeds also requires frequently updating security keys for soldiers in the middle of a war zone. That's not a very good idea, since soldiers can be cut off, and encryption gear can be captured.
Finally, encryption is of little value for the information in the data feed - the enemy forces are well aware of where they are, and will learn very shortly that they were being targeted.